We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

After a physician in Oklahoma was disciplined for, among other things, using non-HIPAA compliant technology to treat patients, the Oklahoma Medical Board has adopted a new rule (the “Oklahoma Telemedicine Rule”) regarding the practice of telemedicine in the state. The Oklahoma Telemedicine Rule (Okla. Admin. Code. § 435:10-7-13) sets forth multiple requirements regarding the practice of telemedicine, including that “telemedicine encounters must comply with HIPAA (Health Insurance Portability and Accountability Act of 1996) security measures to ensure that all patient communications and records are secure and remain confidential.” Specifically, audio and video equipment must permit “interactive, real-time communications” and “technology must be HIPAA compliant.” If approved by the Oklahoma Legislature and the Governor, the Oklahoma Telemedicine Rule is expected to go into effect later this year.

The Oklahoma Telemedicine Rule defines ‘telemedicine’ as “the practice of healthcare delivery, diagnosis, consultation, treatment, including but not limited to, the treatment and prevention of conditions appropriate to treatment by telemedicine management, transfer of medical data, or exchange of medical education information by means of audio, video, or data communications. Telemedicine is not a consultation provided by telephone or facsimile machine.”

The Oklahoma Telemedicine Rule is notable because it clarifies requiements regarding the practice of telehealth, and it would also make health care providers responsible for HIPAA compliance to both the state Medical Board and the U.S. Department of Health and Human Services. Each entity would be able to discipline providers separately for non-compliance. Given the recent uptick in both the practice of telemedicine and scrutiny of physicians’ privacy and security practices, other states may consider passing similar rules. To prepare for potential changes and ensure compliance with current law, health care providers who practice telemedicine should confirm that their practices are appropriately secure, and providers of programs that facilitate telehealth should ensure the security of their technology.

Compare jurisdictions: Data Security & Cybercrime

“I find the articles on the Lexology newsfeed very relevant and up to date on a variety of topics of interest to my areas of practice. The authors are reliable and current on the topics about which they opine. Even when several law firms write on the same topic, I can often glean new viewpoints and perspectives from the different firms. The headings are also helpful because they briefly and accurately describe the topic and enable me to quickly and efficiently decide what I may or may not want to read in more detail."